Schneider Electric Wonderware Intelligence の Tableau Server/Desktop における非認証のアクセス権を取得される脆弱性
| Title |
Schneider Electric Wonderware Intelligence の Tableau Server/Desktop における非認証のアクセス権を取得される脆弱性
|
| Summary |
Schneider Electric Wonderware Intelligence の Tableau Server/Desktop には、ローカル認証モードで Tableau Server を使用する場合、非認証のアクセス権を取得される脆弱性が存在します。
|
| Possible impacts |
デフォルトでインストールされているシステムアカウントを使用されることで、非認証のアクセス権を取得される可能性があります。 |
| Solution |
ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date |
Feb. 13, 2017, midnight |
| Registration Date |
April 10, 2017, 12:18 p.m. |
| Last Update |
April 10, 2017, 12:18 p.m. |
|
CVSS3.0 : 緊急
|
| Score |
9.8
|
| Vector |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
CVSS2.0 : 危険
|
| Score |
10
|
| Vector |
AV:N/AC:L/Au:N/C:C/I:C/A:C |
Affected System
| Schneider Electric |
|
Tableau Desktop 7.0 から 10.1.3
|
|
Tableau Server 7.0 から 10.1.3
|
|
Wonderware Intelligence 2014R3 およびそれ以前
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
その他
Change Log
| No |
Changed Details |
Date of change |
| 0 |
[2017年04月10日]
掲載 |
Feb. 17, 2018, 10:37 a.m. |
NVD Vulnerability Information
CVE-2017-5178
| Summary |
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials after installation, and changing the default credentials in the embedded Tableau Server is not documented. If Tableau Server is used with Windows integrated security (Active Directory), the software is not vulnerable. However, when Tableau Server is used with local authentication mode, the software is vulnerable. The default system account could be used to gain unauthorized access.
|
| Publication Date |
March 8, 2017, 5:59 p.m. |
| Registration Date |
Jan. 26, 2021, 1:25 p.m. |
| Last Update |
Nov. 21, 2024, 12:27 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:schneider-electric:tableau_desktop:10.1.3:*:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:schneider-electric:tableau_server:10.1.3:*:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:schneider-electric:tableau_server:7.0:*:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:schneider-electric:wonderware_intelligence:*:r3:*:*:*:*:*:* |
|
2014 |
|
|
| cpe:2.3:a:schneider-electric:tableau_desktop:7.0:*:*:*:*:*:*:* |
|
|
|
|
Related information, measures and tools
Common Vulnerabilities List